UIDL containing HTML gets blocked by firewall
Hi,
I am facing a problem with a TextField (Vaadin 7.3.3) having a user input containing HTML tags. This is recognised by our (web application) firewall as XSS and gets blocked. Here is the UIDL POST request:
POST /admin/v1/UIDL/?v-uiId=0 HTTP/1.1
Host: some.server.com
Connection: keep-alive
Content-Length: 174
Origin: https://some.server.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.80 Safari/537.36
Content-Type: application/json; charset=UTF-8
Accept: */*
Referer: https://some.server.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Cookie: AL_SESS-S=AAABLs2qH_JhNTJiNzkyNzg0Y2YzNmZjZWQxMDViNDY0ODgzZjNlMQAAKfkkVjRg4fiA6HX3DJzfoGo4i!0=

{"csrfToken":"f26c6fd9-a3ba-4d01-9644-953f6d8fef9d", "rpc":[["83","v","v",["c",["i","0"]]],["84","v","v",["text",["s","<html>"]]],["84","v","v",["c",["i","6"]]]], "syncId":8}
Please note the <html> snippet in the JSON.
Is there any way to work around this? I would prefer to solve this by Vaadin means and not by changing the firewall rules, making the application dependent on the environment.
Thanks in advance and kind regards
Michael
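For triage of a block like the one described in the post, the following added example (not part of the original post and not Vaadin code) decodes the UIDL body and reports which string-typed variable change carries the tag-like text, so the finding can be tied to one input field instead of the whole endpoint. Assumptions: the rpc entry layout is inferred only from the captured request, and the `TAG_LIKE` pattern is a stand-in for whatever signature the firewall applies.

```python
import json
import re

# Body of the UIDL POST quoted in the post, with its closing brace.
SAMPLE_BODY = (
    '{"csrfToken":"f26c6fd9-a3ba-4d01-9644-953f6d8fef9d", '
    '"rpc":[["83","v","v",["c",["i","0"]]],'
    '["84","v","v",["text",["s","<html>"]]],'
    '["84","v","v",["c",["i","6"]]]], "syncId":8}'
)

# Assumption: a tag-like token is what the firewall signature reacts to.
TAG_LIKE = re.compile(r"<\s*/?\s*[A-Za-z!][^>]*>")


def variable_changes(body):
    """Yield (connector, variable, type_code, value) for each rpc entry.

    Assumes the shape seen in the capture:
    [connector, "v", "v", [variable, [type_code, value]]].
    Entries in any other shape are skipped, not guessed at.
    """
    try:
        doc = json.loads(body)
    except ValueError:
        return  # not JSON: nothing to report
    rpc = doc.get("rpc") if isinstance(doc, dict) else None
    if not isinstance(rpc, list):
        return
    for entry in rpc:
        try:
            connector, iface, method, (variable, (type_code, value)) = entry
        except (TypeError, ValueError):
            continue
        if iface == "v" and method == "v":
            yield connector, variable, type_code, value


def markup_findings(body):
    """Return string-typed variable changes whose value contains a tag."""
    return [
        (connector, variable, value)
        for connector, variable, type_code, value in variable_changes(body)
        if type_code == "s" and isinstance(value, str) and TAG_LIKE.search(value)
    ]


if __name__ == "__main__":
    for connector, variable, value in markup_findings(SAMPLE_BODY):
        print(f"connector={connector} variable={variable} value={value!r}")
```

On the sample body this reports only connector 84's `text` variable; the integer-typed `c` changes are ignored.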